CVE-2006-2020 - Information Disclosure vulnerability in Asterisk Recording Interface
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | NONE |
Availability impact | NONE |
Summary
Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote attackers to obtain password information. This vulnerability is addressed in the following product releases: Littlejohn Consulting, Asterisk Recording Interface, 0.10.00 and higher
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | Asterisk Recording Interface 0.7.15 Audio.PHP Information Disclosure Vulnerability. CVE-2006-2020. Remote exploits for multiple platform |
id | EDB-ID:27716 |
last seen | 2016-02-03 |
modified | 2006-04-21 |
published | 2006-04-21 |
reporter | Francois Harvey |
source | https://www.exploit-db.com/download/27716/ |
title | Asterisk Recording Interface 0.7.15 Audio.PHP Information Disclosure Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | ASTERISK_CONFIG_FILE_DISCLOSURE.NASL |
description | The remote host is running Asterisk Recording Interface (ARI), a web-based portal for the Asterisk PBX software. The version of ARI installed on the remote host allows an unauthenticated attacker to view its configuration file, which contains sensitive information such as passwords. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21303 |
published | 2006-05-03 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21303 |
title | Asterisk Recording Interface (ARI) includes/main.conf Remote Credential Disclosure |
References
- http://secunia.com/advisories/19744
- http://www.osvdb.org/24805
- http://www.securityfocus.com/archive/1/431655/100/0/threaded
- http://www.securityfocus.com/bid/17641
- http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2006.1
- http://www.vupen.com/english/advisories/2006/1457
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25993